Absent Member.

TRIM custom record authorisation

Hi TRIM experts,

I'm trying to develop a custom authorisation web application so that I can interface the TRIM repository to another system. To do this I need to use the TRIMSDK version 5.2 to determine whether or not a given location should be able to view a given record.

I've developed a similar system with TRIMSDK version 6.2 which was quite simple, as I could use the TRIMDatabase.SpawnImpersonatedDatabaseAs(...) function to get a copy of the database object and then check and see if the document is visible using db.GetRecord(...). Unfortunately this isn't supported by 5.2.

What I'm currently implementing is the same functionality, but without access to the SpawnImpersonatedDatabaseAs function. What I currently have is this:

1. Check record security level <= location security level
2. Check location has all caveats applied to record
3. Check ACL list to ensure:
   a. User has the "BypassAllAccess" permission set... OR
   b. Record is public... OR
   c. Record is private AND user is on the ViewDocument ACL... OR
   d. If the record has an inherited ACL, perform step 3 for the parent container.

Basically I have two questions:

Firstly, am I missing any exceptions that may cause the authorisation process to omit records from users who should be able to see them or (worse) display records to users that shouldn't be able to see them?

Secondly, how do I perform step 1? I can't seem to work out how to get the numeric value of a security level. I need something like this:

Private Function CheckSecurityLevel(ByRef db As TRIMSDK.Database, ByRef loc As TRIMSDK.Location, ByRef rec As TRIMSDK.Record) As Boolean
    Dim locSec As TRIMSDK.SecurityLevel = loc.SecLevel
    Dim recSec As TRIMSDK.SecurityLevel = rec.SecLevel

    Return (locSec >= recSec)
End Function

... But this doesn't work.

Thanks in advance,

Corey
Micro Focus Contributor

Re: TRIM custom record authorisation

There is a nice little method which allows you to check if a given location has access to a given record. Have you tried this?

myRec.HasAccess(dxRecordAccess.dxViewRecord,myLocation);
Absent Member.

Re: TRIM custom record authorisation

Hi Jason,

Thanks for your reply.

I've had a look into the myRec.HasAccess(dxRecordAccess.dxViewRecord,myLocation) method and it seems to be useful for checking the ACL. Unfortunately it doesn't take into consideration security level or security caveats, so I'll still need to check these manually.

I can check the caveat list easily enough, but any idea how to compare the security level of a record with the security level of a location?

Thanks again.

Corey
Absent Member.

Re: TRIM custom record authorisation

I think I've solved the problem.

The syntax to compare the security level is as such:

Private Function CheckSecurityLevel(ByRef db As TRIMSDK.Database, ByRef loc As TRIMSDK.Location, ByRef rec As TRIMSDK.Record) As Boolean
    Dim locSec As TRIMSDK.SecurityLevel = loc.SecLevel
    Dim recSec As TRIMSDK.SecurityLevel = rec.SecLevel

    ' Compare the numeric Ids of the two security levels rather than the objects themselves
    Return (locSec.Id >= recSec.Id)
End Function


The only problem is that the default security classes '' and '' both return an ID of 0.

To get around this, check the following:

If loc.SecurityString().IndexOf("") = 0 Then
    Return True
End If

And also, make sure True is returned if the user is a record administrator:

If loc.HasPermission(TRIMSDK.prmUserPermissions.prmRecordAdmin) Then
    Return True
End If


Please let me know if I've made any incorrect assumptions or missed anything.

Corey
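
An added sketch, not part of the original thread and not TRIMSDK code: a Python model of the three-step check discussed above (security level, caveats, ACL with inheritance) that denies access when any step fails or the inheritance chain is broken. The `Location` and `Record` classes, `TOP_LEVEL_NAME` and `MAX_DEPTH` are hypothetical stand-ins, and the placeholder level name is assumed to mean that the location clears every level.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder: the real default level names did not survive on the page.
TOP_LEVEL_NAME = "PLACEHOLDER-TOP-LEVEL"
MAX_DEPTH = 32  # assumed bound on container nesting; guards against cyclic data

@dataclass
class Location:  # hypothetical stand-in for TRIMSDK.Location
    name: str
    level_id: int
    level_name: str
    caveats: frozenset = frozenset()
    record_admin: bool = False
    bypass_all_access: bool = False

@dataclass
class Record:  # hypothetical stand-in for TRIMSDK.Record
    level_id: int
    caveats: frozenset = frozenset()
    view_acl: Optional[frozenset] = None  # None = public, else names allowed to view
    inherits_acl: bool = False
    container: Optional["Record"] = None

def level_ok(loc, rec):
    # Step 1. IDs alone are ambiguous when two default levels share ID 0, so the
    # name is checked first, mirroring the SecurityString workaround in the thread.
    if loc.record_admin or loc.level_name == TOP_LEVEL_NAME:
        return True
    return loc.level_id >= rec.level_id

def caveats_ok(loc, rec):
    # Step 2. The location must hold every caveat applied to the record.
    return rec.caveats <= loc.caveats

def acl_ok(loc, rec, depth=0):
    # Step 3. Bypass permission, else public/private ACL, else walk up the container.
    if loc.bypass_all_access:
        return True
    if rec.inherits_acl:
        if rec.container is None or depth >= MAX_DEPTH:
            return False  # broken or cyclic inheritance chain: deny
        return acl_ok(loc, rec.container, depth + 1)
    return rec.view_acl is None or loc.name in rec.view_acl

def can_view(loc, rec):
    # All three checks must pass; any single failure denies access.
    return level_ok(loc, rec) and caveats_ok(loc, rec) and acl_ok(loc, rec)
```
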
Absent Member.

Re: TRIM custom record authorisation

Looks like you've handled everything!
Absent Member.

Re: TRIM custom record authorisation

See my post above.